Analysis
  Category: FILE
  Started On: 2017-10-15 20:03:33
  Completed On: 2017-10-15 20:13:48
  Duration: 615 seconds
  Cuckoo Version: 1.2

Machine
  Label: WindowsXPSP3
  Manager: VirtualBox
  Started On: 2017-10-15 20:03:33
  Shutdown On: 2017-10-15 20:13:47

File Details

File name: malware8.exe
File size: 807936 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
CRC32: D32CAD69
MD5: 61d1492fa21e87bc8d8a637a87b903fa
SHA1: 885ea53c1b3823130faae1839ba6247ebfec1c3e
SHA256: 730a654ce2bc596a163ff65d7f9546ec4c71377f2555b9f273724f284bbdc3c7
SHA512: 6804afb983bd96909e01d14f3f20b5f9cb2f28e841144630bb13916968ed9542d303a202059e1ecb85e82148cb5520401e10e735643298de533254e32a2463e9
Ssdeep: 12288:zgxN4PaYzJDws1xHLMdbwhILPv8aLwS1T/Bk2+ZgYYFmVJ:8xetJ2bvPvdLwC/a2w6Ub
PEiD:
  • Microsoft Visual C++ V8.0 (Debug)
Yara: None matched
VirusTotal scan date: 2017-10-06 00:15:10
VirusTotal detection rate: 49/66

Signatures

No signatures matched

Screenshots

Static Analysis

Dropped Files

  • drv.sys
  • ntkrnl
  • malware8.exe

Network Analysis

Nothing to display.

Behavior Summary

Files
  • C:\
  • C:\DOCUME~1\cuckoo\LOCALS~1\Temp\malware8.exe
  • C:\Documents and Settings\cuckoo\Application Data\ntkrnl
  • C:\Documents and Settings\cuckoo\Application Data\dwm.exe
  • C:\Documents and Settings\cuckoo\Application Data\win-firewall.exe
  • C:\Documents and Settings\cuckoo\Application Data\adobeflash.exe
  • C:\Documents and Settings\cuckoo\Application Data\desktop.exe
  • C:\Documents and Settings\cuckoo\Application Data\jucheck.exe
  • C:\Documents and Settings\cuckoo\Application Data\jusched.exe
  • C:\Documents and Settings\cuckoo\Application Data\java.exe
  • C:\DosDevices\pipe\
  • pipe\sparkjOCFvK
  • C:\Documents and Settings\cuckoo\Application Data\Installed\windefender.exe
  • C:\drv.sys
Mutexes
  • 7YhngylKo09H
  • SHELLCODE_MUTEX
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
  • ActiveComputerName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
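Cuckoo matched no signatures and no YARA rules for this sample, but the Behavior Summary above is enough to triage it by hand: executables written under the per-user Application Data directory with names borrowed from Windows and Java components, a .sys file written to the root of C:, a named pipe, and a touch of the HKCU Run key. The Python below is an added example, not part of this report or of the Cuckoo project, that applies that reasoning as a small rule set over the report's own Files, Mutexes and Registry Keys lists, copied into the script as constructed input. The rule names, the weights and the list of component names treated as masquerading targets are this example's assumptions, not Cuckoo signatures.

```python
"""Rule-based triage of a Cuckoo 1.x Behavior Summary.

Added example, not part of this report or of Cuckoo. BEHAVIOR is constructed
from the Files, Mutexes and Registry Keys lists in the report above; the rule
names, WEIGHTS and KNOWN_COMPONENT_NAMES are this example's own assumptions.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", ["rule", "indicator"])

# Constructed input: the report's Behavior Summary, verbatim (Windows XP paths).
BEHAVIOR = {
    "files": [
        "C:\\",
        "C:\\DOCUME~1\\cuckoo\\LOCALS~1\\Temp\\malware8.exe",
        "C:\\Documents and Settings\\cuckoo\\Application Data\\ntkrnl",
        "C:\\Documents and Settings\\cuckoo\\Application Data\\dwm.exe",
        "C:\\Documents and Settings\\cuckoo\\Application Data\\win-firewall.exe",
        "C:\\Documents and Settings\\cuckoo\\Application Data\\adobeflash.exe",
        "C:\\Documents and Settings\\cuckoo\\Application Data\\desktop.exe",
        "C:\\Documents and Settings\\cuckoo\\Application Data\\jucheck.exe",
        "C:\\Documents and Settings\\cuckoo\\Application Data\\jusched.exe",
        "C:\\Documents and Settings\\cuckoo\\Application Data\\java.exe",
        "C:\\DosDevices\\pipe\\",
        "pipe\\sparkjOCFvK",
        "C:\\Documents and Settings\\cuckoo\\Application Data\\Installed\\windefender.exe",
        "C:\\drv.sys",
    ],
    "mutexes": ["7YhngylKo09H", "SHELLCODE_MUTEX"],
    "registry_keys": [
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName",
        "ActiveComputerName",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    ],
}

APPDATA_RE = re.compile(r"\\Application Data\\", re.IGNORECASE)  # XP per-user profile dir
EXE_RE = re.compile(r"\.exe$", re.IGNORECASE)
SYS_RE = re.compile(r"\.sys$", re.IGNORECASE)
DRIVER_DIR_RE = re.compile(r"\\system32\\drivers\\", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
PIPE_RE = re.compile(r"(^|\\)pipe\\", re.IGNORECASE)

# Names of real Windows/Java components (dwm.exe ships in System32, the Java
# three under Program Files\Java); seeing them under a per-user directory is a
# masquerading hint. Illustrative list, an assumption of this example.
KNOWN_COMPONENT_NAMES = {"dwm.exe", "jusched.exe", "jucheck.exe", "java.exe"}

WEIGHTS = {
    "run_key_access": 3,              # persistence candidate
    "driver_outside_drivers_dir": 3,  # kernel driver dropped to C:\
    "masquerading_exe_in_appdata": 2,
    "exe_in_appdata": 1,
    "named_pipe": 1,                  # IPC between dropped components
    "mutex_ioc": 0,                   # hunting IOC, no score on its own
}


def triage(behavior):
    """Return the list of Findings the rule set produces for one summary."""
    findings = []
    for path in behavior["files"]:
        name = path.rsplit("\\", 1)[-1].lower()
        if APPDATA_RE.search(path) and EXE_RE.search(path):
            rule = ("masquerading_exe_in_appdata" if name in KNOWN_COMPONENT_NAMES
                    else "exe_in_appdata")
            findings.append(Finding(rule, path))
        if SYS_RE.search(path) and not DRIVER_DIR_RE.search(path):
            findings.append(Finding("driver_outside_drivers_dir", path))
        if PIPE_RE.search(path):
            findings.append(Finding("named_pipe", path))
    # The summary does not say whether a key was read or written; a Run key
    # touched by a sample that also drops executables is what to confirm in
    # the full registry log before calling it persistence.
    for key in behavior["registry_keys"]:
        if RUN_KEY_RE.search(key):
            findings.append(Finding("run_key_access", key))
    for mutex in behavior["mutexes"]:
        findings.append(Finding("mutex_ioc", mutex))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return Counter(f.rule for f in findings)


def score(findings):
    """Weighted sum, a crude way to rank many reports against each other."""
    return sum(WEIGHTS[f.rule] for f in findings)


if __name__ == "__main__":
    results = triage(BEHAVIOR)
    for f in results:
        print(f"{f.rule:30} {f.indicator}")
    print("score:", score(results), dict(summarize(results)))
```

Run against this report the rules fire on eight executables under Application Data (four of them with component names), on C:\drv.sys, on both pipe paths and on the Run key; ntkrnl is not flagged because it has no .exe extension, which is the kind of gap a rule set like this needs reviewing for before it is trusted on other reports.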

Processes


malware8.exe PID: 1936, Parent PID: 1856
  windefender.exe PID: 2000, Parent PID: 1936

Volatility

Nothing to display.